Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
5
Helpful
4
Replies

can't ping router behind pix with no nat

harinirina
Level 1
Level 1

‎08-23-2006 12:08 AM - edited ‎02-21-2020 01:07 AM

Hi,

we need to remove nat 1 on our pix and apply nat 0 and configured pix like so.

Before, we could ping router behind pix, now , we can't anymore.

we use vlan, here's the config

Preview file
2 KB
0 Helpful
4 Replies 4

grant.maynard
Level 4
Level 4

‎08-23-2006 12:31 AM

the line "nat (inside) 0 0.0.0.0 0.0.0.0 0 0"

means "don't nat anything from the inside interface". This is very unlikely to be what you want.

Normally you have:

access-list noNAT permit ip inside_subnets subnets_you_don't_want _to_NAT_to

nat (inside) 0 access-list noNAT

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

0 Helpful

harinirina
Level 1
Level 1
In response to grant.maynard

‎08-23-2006 01:54 AM

That's what we really want to do, all traffic will not be natted when they pass through pix. They will be natted by the router behind the pix.

0 Helpful

grant.maynard
Level 4
Level 4
In response to harinirina

‎08-23-2006 07:28 AM

IF you do not want the PIX to do any NAT, try this:

no nat-control

0 Helpful

fausto-oliveira
Level 1
Level 1

‎08-23-2006 07:12 AM

You have two options :

1 - If you got the version 7.0 or superior you can turn the firewall to L2transparent where you don't need neither routing or NAT.

2 - You can do a Static (inside,outside) NETWORKADDRESS_INSIDE NETWORKADDRESS_INSIDE NETWORKMASK_INSIDE

This will do the trick of "not nating" the Inside IP addresses.

Please let me know if you run into any difficulties

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card